- Bug
- Resolution: Done
- High
- Aluminium SR3, 1.13.1
An exception is thrown when connecting NETCONF devices with certain kex algorithms to ODL.
I encountered this problem with Cisco NSO 5.2.
Exceptions thrown (for more details see attached karaf.log):
15:29:08.791 WARN [sshd-NetconfSshClient[1029d22e]-nio2-thread-6] Unable to setup SSH connection on channel: [id: 0x93bf3c69]
org.opendaylight.netconf.nettyutil.handler.ssh.client.AuthenticationFailedException: Authentication failed
    at org.opendaylight.netconf.nettyutil.handler.ssh.client.AsyncSshHandler.lambda$handleSshSessionCreated$1(AsyncSshHandler.java:132) [bundleFile:?]
    at org.opendaylight.netconf.shaded.sshd.common.future.AbstractSshFuture.notifyListener(AbstractSshFuture.java:159) [bundleFile:?]
    ...
Caused by: org.opendaylight.netconf.shaded.sshd.common.SshException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256 / server: diffie-hellman-group14-sha1)
    at org.opendaylight.netconf.shaded.sshd.common.session.helpers.AbstractSession.negotiate(AbstractSession.java:1873) ~[bundleFile:?]
    at org.opendaylight.netconf.shaded.sshd.common.session.helpers.AbstractSession.doKexNegotiation(AbstractSession.java:702) ~[bundleFile:?]
    ...
This issue is present on both master (1.13.1-SNAPSHOT) and 1.9.3-SNAPSHOT versions.
The cause of this problem is most probably the bump of the sshd library to version 2.6.0.
I tested the same scenario on branch 1.9.3-SNAPSHOT but before this commit, and everything worked OK.
https://git.opendaylight.org/gerrit/c/netconf/+/95257
relates to:
- NETCONF-752 Upgrade sshd to 2.6.0 (Resolved)
- NETCONF-887 Netconf callhome failed for devices with old KEX algorithms (SHA1) (Resolved)